From 96efdbb5b489a0f592671593e60fc4355477b7f1 Mon Sep 17 00:00:00 2001
From: Chet Ramey
Date: Wed, 18 Jul 2018 10:23:04 -0400
Subject: [PATCH] commit bash-20180713 snapshot
---
 CWRU/CWRU.chlog | 60 ++++++++++++++++++++++++++++++++++++++++++++
 braces.c | 4 +--
 builtins/common.c | 2 +-
 builtins/declare.def | 9 ++++---
 doc/bash.1 | 14 +++++------
 doc/bashref.texi | 13 +++++-----
 eval.c | 3 +++
 execute_cmd.c | 4 +--
 externs.h | 1 +
 lib/sh/getenv.c | 2 +-
 parse.y | 7 ++++++
 shell.c | 2 +-
 sig.c | 1 -
 support/man2html.c | 2 +-
 tests/RUN-ONE-TEST | 2 +-
 variables.c | 7 +++++-
 16 files changed, 106 insertions(+), 27 deletions(-)
diff --git a/CWRU/CWRU.chlog b/CWRU/CWRU.chlog
index 665bb883..89bf32c8 100644
--- a/CWRU/CWRU.chlog
+++ b/CWRU/CWRU.chlog
@@ -3924,3 +3924,63 @@ lib/readline/doc/hstech.texi - history_quoting_state: describe effect of setting this variable - history_quotes_inihibit_expansion: expand the description to include the default quoting behavior that setting this variable enables + + 7/9 + --- +support/man2html.c + - unescape: use memmove instead of strcpy to handle overlapping strings + Report and fix from Bernhard M. Wiedemann + +lib/sh/getenv.c + - getenv: check that environ is non-NULL before looking through it. + Report and fix from Keeley Hoek + + 7/12 + ---- +braces.c + - mkseq: use better integer overflow handling for systems with 32-bit + ints and 64-bit intmax_ts. Bug reported by Simon Wörner + as the result of fuzzing + +builtins/declare.def + - declare_internal: make sure bind_variable returns non-NULL when + setting attributes for a variable named as an argument to declare + that also appears in the temporary environment (and is a nameref). + Bug reported by Simon Wörner + +parse.y,externs.h + - reset_readahead_token: new convenience function for the rest of + the shell, resets token_to_read if it's a newline (as it will be + after reset_parser is called) + +eval.c + - reader_loop: if we're just going to execute one command, make sure + the read-ahead token isn't set to something that will result in a + NULL command (by calling reset_readahead_token), since the code + will take that as the one command and set EOF_Reached + + 7/15 + ---- +doc/{bash.1,bashref.texi} + - indirect expansion: clarify that the expansion works on parameters, + not just variables (NAMEs). Suggested by konsolebox + diff --git a/braces.c b/braces.c index 7f76c71a..2a255c78 100644 --- a/braces.c +++ b/braces.c 
@@ -420,9 +420,9 @@ mkseq (start, end, incr, type, width)
 /* Instead of a simple nelem = prevn + 1, something like:
 nelem = (prevn / imaxabs(incr)) + 1;
 would work */
- nelem = (prevn / sh_imaxabs(incr)) + 1;
- if (nelem > INT_MAX - 2) /* Don't overflow int */
+ if ((prevn / sh_imaxabs (incr)) > INT_MAX - 3) /* check int overflow */
 return ((char **)NULL);
+ nelem = (prevn / sh_imaxabs(incr)) + 1;
 result = strvec_mcreate (nelem + 1);
 if (result == 0)
 {
diff --git a/builtins/common.c b/builtins/common.c
index 0752f0d6..00be24ea 100644
--- a/builtins/common.c
+++ b/builtins/common.c
@@ -678,7 +678,7 @@ get_job_spec (list)
 if (DIGIT (*word) && all_digits (word))
 {
 job = atoi (word);
- return (job > js.j_jobslots ? NO_JOB : job - 1);
+ return ((job < 0 || job > js.j_jobslots) ? NO_JOB : job - 1);
 }
 jflags = 0;
diff --git a/builtins/declare.def b/builtins/declare.def
index 2574eba4..4c9ce4e9 100644
--- a/builtins/declare.def
+++ b/builtins/declare.def
@@ -939,9 +939,12 @@ restart_new_var_name:
 {
 tvalue = var_isset (var) ? savestring (value_cell (var)) : savestring ("");
 tv = bind_variable (var->name, tvalue, 0);
- tv->attributes |= var->attributes & ~att_tempvar;
- if (tv->context > 0)
- VSETATTR (tv, att_propagate);
+ if (tv)
+ {
+ tv->attributes |= var->attributes & ~att_tempvar;
+ if (tv->context > 0)
+ VSETATTR (tv, att_propagate);
+ }
 free (tvalue);
 }
 VSETATTR (var, att_propagate);
diff --git a/doc/bash.1 b/doc/bash.1
index 4798379e..73bd9204 100644
--- a/doc/bash.1
+++ b/doc/bash.1
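Review bot: In mkseq the quotient `prevn / sh_imaxabs (incr)` is now computed twice, once in the overflow guard and once in the assignment to `nelem`, and the bound moved from `INT_MAX - 2` to `INT_MAX - 3` with no comment saying what the margin is reserved for. Computing it once into a wide local keeps the guard and the narrowing assignment tied to the same value, e.g. `intmax_t q = prevn / sh_imaxabs (incr);` then `if (q > INT_MAX - 3) return ((char **)NULL);` and `nelem = q + 1;`. The comment should name the additions the margin covers (the `+ 1` here, the `nelem + 1` passed to `strvec_mcreate`, and anything later code adds). The declarations of `prevn` and `nelem` and the rest of the function are outside the hunk, so the types are assumed from the changelog entry about 32-bit ints and 64-bit intmax_t.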
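Review bot: In get_job_spec the new `job < 0` test runs only after `job = atoi (word)`, and `atoi` has undefined behaviour when the digit string does not fit in an int, so an over-long job number is not reliably rejected by this check. Doing the conversion with a range-checked call makes the test well defined: `errno = 0; n = strtol (word, (char **)NULL, 10);` followed by `if (errno == ERANGE || n < 0 || n > js.j_jobslots) return (NO_JOB);`, with `n` a long that is narrowed to int only after the check. A job number of 0 still returns `job - 1`; whether that value is meant to coincide with `NO_JOB` is not visible here and deserves a comment. The rest of get_job_spec lies outside the hunk.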
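Review bot: The new `if (tv)` guard makes a NULL return from `bind_variable` silent: the attribute copy is skipped and execution continues to `VSETATTR (var, att_propagate)` as if the binding had succeeded. If a failed binding should make the builtin fail, this path needs to record that; if skipping is intended, a comment such as `/* bind_variable can return NULL here (tempenv variable that is a nameref); nothing to propagate */` would say so. The condition in that comment is taken from the changelog entry and should be confirmed. The enclosing block starts and ends outside the hunk.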
@@ -739,7 +739,7 @@ to be matched as a string. An additional binary operator, \fB=~\fP, is available, with the same precedence as \fB==\fP and \fB!=\fP. When it is used, the string to the right of the operator is considered -an extended regular expression and matched accordingly (as in \fIregex\fP(3)). +a POSIX extended regular expression and matched accordingly (as in \fIregex\fP(3)). The return value is 0 if the string matches the pattern, and 1 otherwise. If the regular expression is syntactically incorrect, the conditional @@ -2954,16 +2954,16 @@ The \fIparameter\fP is a shell parameter as described above .PP If the first character of \fIparameter\fP is an exclamation point (\fB!\fP), and \fIparameter\fP is not a \fInameref\fP, -it introduces a level of variable indirection. -\fBBash\fP uses the value of the variable formed from the rest of -\fIparameter\fP as the name of the variable; this variable is then -expanded and that value is used in the rest of the substitution, rather -than the value of \fIparameter\fP itself. +it introduces a level of indirection. +\fBBash\fP uses the value formed by expanding the rest of +\fIparameter\fP as the new \fIparameter\fP; this is then +expanded and that value is used in the rest of the expansion, rather +than the expansion of the original \fIparameter\fP. This is known as \fIindirect expansion\fP. The value is subject to tilde expansion, parameter expansion, command substitution, and arithmetic expansion. If \fIparameter\fP is a nameref, this expands to the name of the -variable referenced by \fIparameter\fP instead of performing the +parameter referenced by \fIparameter\fP instead of performing the complete indirect expansion. The exceptions to this are the expansions of ${\fB!\fP\fIprefix\fP\fB*\fP} and ${\fB!\fP\fIname\fP[\fI@\fP]} described below. diff --git a/doc/bashref.texi b/doc/bashref.texi index 8867f9b0..59bf9594 100644 --- a/doc/bashref.texi +++ b/doc/bashref.texi 
@@ -1030,7 +1030,8 @@ to be matched as a string. An additional binary operator, @samp{=~}, is available, with the same precedence as @samp{==} and @samp{!=}. When it is used, the string to the right of the operator is considered -an extended regular expression and matched accordingly (as in @i{regex}3)). +a @sc{POSIX} extended regular expression and matched accordingly +(as in @i{regex}3)). The return value is 0 if the string matches the pattern, and 1 otherwise. If the regular expression is syntactically incorrect, the conditional @@ -1973,11 +1974,11 @@ interpreted as part of its name. If the first character of @var{parameter} is an exclamation point (!), and @var{parameter} is not a @var{nameref}, -it introduces a level of variable indirection. -Bash uses the value of the variable formed from the rest of -@var{parameter} as the name of the variable; this variable is then -expanded and that value is used in the rest of the substitution, rather -than the value of @var{parameter} itself. +it introduces a level of indirection. +Bash uses the value formed by expanding the rest of +@var{parameter} as the new @var{parameter}; this is then +expanded and that value is used in the rest of the expansion, rather +than the expansion of the original @var{parameter}. This is known as @code{indirect expansion}. The value is subject to tilde expansion, parameter expansion, command substitution, and arithmetic expansion. diff --git a/eval.c b/eval.c index 3104bffe..f02d6e40 100644 --- a/eval.c +++ b/eval.c @@ -69,6 +69,9 @@ reader_loop () our_indirection_level = ++indirection_level; + if (just_one_command) + reset_readahead_token (); + while (EOF_Reached == 0) { int code; diff --git a/execute_cmd.c b/execute_cmd.c index 126a54a8..7834c15d 100644 --- a/execute_cmd.c +++ b/execute_cmd.c 
@@ -1561,13 +1561,13 @@ execute_in_subshell (command, asynchronous, pipe_in, pipe_out, fds_to_close)
 setup_async_signals ();
 asynchronous = 0;
 }
+ else
+ set_sigint_handler ();
 #if defined (JOB_CONTROL)
 set_sigchld_handler ();
 #endif /* JOB_CONTROL */
- set_sigint_handler ();
-
 /* Delete all traces that there were any jobs running. This is only for subshells. */
 without_job_control ();
diff --git a/externs.h b/externs.h
index c6521d03..b00e56e0 100644
--- a/externs.h
+++ b/externs.h
@@ -109,6 +109,7 @@ extern int return_EOF __P((void));
 extern void push_token __P((int));
 extern char *xparse_dolparen __P((char *, char *, int *, int));
 extern void reset_parser __P((void));
+extern void reset_readahead_token __P((void));
 extern WORD_LIST *parse_string_to_word_list __P((char *, int, const char *));
 extern int parser_in_command_position __P((void));
diff --git a/lib/sh/getenv.c b/lib/sh/getenv.c
index 8b5e3406..1e682aef 100644
--- a/lib/sh/getenv.c
+++ b/lib/sh/getenv.c
@@ -69,7 +69,7 @@ getenv (name)
 if (var && exported_p (var))
 return (value_cell (var));
 }
- else
+ else if (environ)
 {
 register int i, len;
diff --git a/parse.y b/parse.y
index 8496e2d1..0eb64130 100644
--- a/parse.y
+++ b/parse.y
@@ -3168,6 +3168,13 @@ reset_parser ()
 token_to_read = '\n';
 }
+void
+reset_readahead_token ()
+{
+ if (token_to_read == '\n')
+ token_to_read = 0;
+}
+
 /* Read the next token. Command can be READ (normal operation) or RESET (to normalize state). */
 static int
diff --git a/shell.c b/shell.c
index 96cdbe94..a9659bb8 100644
--- a/shell.c
+++ b/shell.c
@@ -363,7 +363,7 @@ main (argc, argv, env)
 #endif /* !NO_MAIN_ENV_ARG */
 {
 register int i;
- int code, old_errexit_flag;
+ int code, old_errexit_flag, old_onecmd;
 #if defined (RESTRICTED_SHELL)
 int saverst;
 #endif
diff --git a/sig.c b/sig.c
index 6934f4f9..8daec14b 100644
--- a/sig.c
+++ b/sig.c
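Review bot: Moving `set_sigint_handler ()` into the `else` arm means the branch that calls `setup_async_signals ()` no longer installs the shell's SIGINT handler, and nothing at the call site says why. The `if` condition is outside the hunk, so the intent has to be guessed. A comment on the `else`, for example `/* asynchronous subshells keep the SIGINT disposition set by setup_async_signals */`, would make this signal-handling change reviewable, once it is confirmed that this is what setup_async_signals does.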
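Review bot: reset_readahead_token is added to parse.y without a header comment, unlike the function that follows it, even though externs.h exports it to the rest of the shell. A comment such as `/* Discard the newline read-ahead token left by reset_parser; any other pending token is left untouched. */` would document the contract. The call added to reader_loop in eval.c would benefit from a one-line comment saying why the token has to be cleared before a single-command run.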
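Review bot: `old_onecmd` is declared in main, but going by the diffstat (shell.c: one line added, one removed) nothing in this commit assigns or reads it. That leaves an unused local and a `-Wunused-variable` warning; either drop it from this commit or land it together with the code that uses it. main's body continues outside the hunk.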
@@ -268,7 +268,6 @@ initialize_terminating_signals ()
 sigaction (XSIG (i), &oact, (struct sigaction *)NULL);
 #endif /* SIGPROF && !_MINIX */
 }
-
 #else /* !HAVE_POSIX_SIGNALS */
 for (i = 0; i < TERMSIGS_LENGTH; i++)
diff --git a/support/man2html.c b/support/man2html.c
index 6ba50616..3ab105f3 100644
--- a/support/man2html.c
+++ b/support/man2html.c
@@ -1992,7 +1992,7 @@ unescape (char *c)
 while (i < l && c[i]) {
 if (c[i] == '\a') {
 if (c[i+1])
- strcpy(c + i, c + i + 1); /* should be memmove */
+ memmove (c + i, c + i + 1, l - i);
 else {
 c[i] = '\0';
 break;
diff --git a/tests/RUN-ONE-TEST b/tests/RUN-ONE-TEST
index 554f3d6e..58c375b7 100755
--- a/tests/RUN-ONE-TEST
+++ b/tests/RUN-ONE-TEST
@@ -1,4 +1,4 @@
-BUILD_DIR=/usr/local/build/bash/bash-current
+BUILD_DIR=/usr/local/build/chet/bash/bash-current
 THIS_SH=$BUILD_DIR/bash
 PATH=$PATH:$BUILD_DIR
diff --git a/variables.c b/variables.c
index 97113e82..9927ea05 100644
--- a/variables.c
+++ b/variables.c
@@ -2939,7 +2939,12 @@ bind_variable_internal (name, value, table, hflags, aflags)
 }
 else if (entry && nameref_p (entry))
 {
- newval = nameref_cell (entry);
+ newval = nameref_cell (entry); /* XXX - newval can't be NULL here */
+ if (valid_nameref_value (newval, 0) == 0)
+ {
+ sh_invalidid (newval);
+ return ((SHELL_VAR *)NULL);
+ }
 #if defined (ARRAY_VARS)
 /* declare -n foo=x[2] ; foo=bar */
 if (valid_array_reference (newval, 0))
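Review bot: The byte count `l - i` in the new `memmove` in unescape depends on `l`, which is set outside the hunk; the copy stays inside the buffer only if `l` is the length the string had before any characters were removed. Deriving the count from the data being moved, `memmove (c + i, c + i + 1, strlen (c + i + 1) + 1);`, copies exactly the tail and its terminator and does not rely on `l` staying in step with the shrinking string. If `l - i` is kept, a comment stating that the count includes the terminating NUL would help the next reader. unescape's body starts and ends outside the hunk.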
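Review bot: The new early `return ((SHELL_VAR *)NULL)` in bind_variable_internal hands callers a NULL result when assigning through a nameref whose value is invalid, yet this commit adds a NULL check at only one call site (declare.def). Other callers that dereference the result are not visible here and should be audited for a NULL dereference. The `XXX - newval can't be NULL here` comment is an unchecked assumption feeding `valid_nameref_value` and `sh_invalidid`; if it can be shown to hold, the comment should say why, otherwise guard it with `if (newval == 0) return ((SHELL_VAR *)NULL);`. The function body starts and ends outside the hunk.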